The Worm Will Not Turn On North Korea

Stuxnet, the worm from RussiaAmericaIsrael who knows where designed to take out the American power grid Iranian Uranium refinement centrifugesBCS computer something controlled by Siemens machines has gotten a lot of attention.

Rightly so, as it’s the closest we’ve actually come to something that looks like a genuine cyber attack. The worm was exceedingly well designed by all accounts, and meant to operate in a very subtle way.

Not unless North Korea is run by really big idiots. (Ed: which they are. CD: Yes yes, but that’s not the nuke security scientists!)

The reason? Basically any security attack that exploits bugs in software is a one-shot deal. Bugs are mistakes that get fixed when they are found; if Siemens had known about the holes Stuxnet used, they wouldn’t be there in the first place.

Let’s not think about things that are baked into the systems as design choices that can’t be changed. *cough* BGP *cough.*

I imagine within days, if not hours, of finding out there were problems with their software the good people at Siemens had patches en route to clients.

Wrong, Stuxnet took advantage of a hard coded password in WinnCC. Something that Seimans can not and has not fixed. There is no patch.

Granted now that this particular threat is widely know every AV software on the market has a signature for it so while that particular hole is still there It is likely Stuxnet would be discovered long before it got a chance to use it.